TITLE OF THE INVENTION
Method and Apparatus for Using Non-Secure File Servers for Secure Information Storage


CROSS REFERENCE TO RELATED APPLICATIONS 
N/A 

STATEMENT REGARDING FEDERALLY SPONSORED RESEARCH OR DEVELOPMENT

N/A 

BACKGROUND OF THE INVENTION 
The present invention relates to techniques for securely storing information on a non-secure file server and distributing the securely stored information among clients authorized to read and modify the information.

In communications networks, file servers are typically employed to store files accessible over the network. With the advancements in digital data storage and the comparatively low cost of data storage, it is now commonplace to have one or more file servers that have large data storage capacities. Networks employed to interconnect various clients with the file server are often not secure and the file server itself is often not secure. Moreover, there are certain applications in which it is desirable to store data on file servers administered by an organization independent of the clients that have a need to store the data. For example, a company may desire, for purposes of redundancy, to store its information on one file server which is secure and located within the corporate environment and another file server which is remote from and independent of the corporate enterprise. This may be done to protect against the possibility of natural or other disasters which could destroy the information stored in the secure file server in the corporate environment. Additionally, it may be more cost effective to outsource the storage function for large volume data storage. It would therefore be desirable in certain applications to be able to store data securely on a non-secure file server while being able to share the data among a number of clients that are authorized to have access to the data.

BRIEF SUMMARY OF THE INVENTION 
A method and apparatus for storing data securely on a non-secure file server is disclosed. The disclosed technique prevents unauthorized users having access to the file server from obtaining intelligible information from the data stored on the file server and allows the data to be readily accessed by authorized clients or members of authorized groups. A first client desiring to store data on the non-secure file server encrypts the data with a first encryption key having an associated first decryption key. The first decryption key is encrypted, in a preferred embodiment, with a second encryption key having an associated second decryption key. The encrypted data and the encrypted first decryption key are forwarded from the first client to the file server for storage. The encrypted data is stored on the file server and the encrypted first decryption key is stored on the file server in an access control list associated with the encrypted data. In the event other clients are to be provided access to the file, the first client or another client having access to the data encrypts the first decryption key with respective encryption keys having associated decryption keys known to the respective clients, and the additional encrypted first decryption keys are also stored on the non-secure file server in association with the encrypted data as entries in the access control list. In response to a request to access the encrypted data, the file server returns the encrypted data and at least the applicable encrypted first decryption key needed to decrypt the data. Alternatively, the file server returns the entire access control list. Groups of clients may be assigned a group encryption key and an associated group decryption key. The first decryption key may be encrypted using the group encryption key and the first decryption key encrypted with the group encryption key may be stored in the access control list. The first decryption key may then be decrypted by any group member or group server having access to the group decryption key. In response to a request to access the data, the file server may thus return either a single entry in the access control list or the entire access control list. The requesting client or a group server decrypts the applicable encrypted first decryption key within the list to obtain the decryption key needed to decrypt the data.

Other features, aspects and advantages of the above-described techniques for securely storing data on a non-secure file server are described with particularity in the Detailed Description of the Invention which follows.



BRIEF DESCRIPTION OF THE SEVERAL VIEWS OF THE DRAWING 
The invention will be more fully understood by reference to the following Detailed Description of the Invention in conjunction with the Drawing, of which:
Fig. 1 is a block diagram illustrating a plurality of clients coupled to a file server over a network and operative in a manner consistent with the present invention;
Fig. 2a is a block diagram of a client of the type depicted in Fig. 1;
Fig. 2b is a block diagram of a file server of the type depicted in Fig. 1;
Fig. 2c is a block diagram of a group server of the type depicted in Fig. 1;
Fig. 3a is a table illustrating an access control list including a single list entry;
Fig. 3b is a table illustrating an access control list including three entries within the access control list;
Fig. 3c is another example of an access control list that includes four entries within the access control list;
Fig. 3d is another example of an access control list that includes 5 entries within the access control list;
Fig. 4a is an illustrative message payload including a client identifier, an encrypted first decryption key and encrypted data;
Fig. 4b is an illustrative message payload including plural client identifiers, an associated encrypted first decryption key for each of the respective client identifiers and encrypted data;
Fig. 4c is an illustrative message payload including plural client identifiers, an associated encrypted first decryption key for each of the respective client identifiers, and encrypted data;
Fig. 4d is an illustrative message payload including plural client identifiers and a group identifier, an associated encrypted first decryption key for each of the respective client and group identifiers, and encrypted data;
Fig. 5 is a flow diagram illustrating a method employed at a client for encrypting data and an associated decryption key for storage on the file server of Fig. 1;
Fig. 6 is a flow diagram illustrating a method employed at a client for modifying an access control list stored on the file server of Fig. 1;
Fig. 7 is a flow diagram illustrating a method employed at the file server of Fig. 1 for responding to a request for data from a client;
Fig. 8 is a flow diagram illustrating a method employed at a client for decrypting encrypted data retrieved from the file server of Fig. 1;
Fig. 9a depicts an access control list including a single access control list entry;
Fig. 9b depicts an access control list including three access control list entries;
Fig. 9c depicts an access control list including four access control list entries;
Fig. 9d depicts an access control list including five access control list entries;
Fig. 10a is an illustrative message payload including a check value and a first decryption key and data encrypted with a first encryption key;
Fig. 10b is an illustrative message payload including plural encrypted check values and first decryption keys and data encrypted with the first encryption key;
Fig. 10c is another illustrative message payload including plural encrypted check values and first decryption keys and data encrypted with the first encryption key; and
Fig. 10d is another illustrative message payload including plural encrypted check values and first decryption keys and data encrypted with the first encryption key.
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DETAILED DESCRIPTION OF THE INVENTION 
Consistent with the present invention a method and apparatus are disclosed for storing data securely on a non-secure file server while allowing the data to be accessed by a plurality of authorized clients and/or groups. The system is depicted generally in Fig. 1 in a simplified block diagram. The system includes a plurality of clients 12, identified as clients Ca - Cn, and a file server 14 communicatively coupled via a network 10. Additionally, certain embodiments of the system may include a group server 16 which is communicatively coupled to the network 10.

The network 10 may comprise a local area network, a wide area network, the Internet or any other network for communicatively coupling the respective clients 12, the file server 14 and the group server 16. The clients 12 are depicted generally in Fig. 2a and may comprise a computer or processing element, a personal digital assistant (PDA), an intelligent networked appliance, a controller or other device capable of storing and retrieving information to and from the file server 14. More specifically, the clients 12 typically include a processor 12a which is operative to execute programmed instructions out of an instruction memory 12b. The instructions executed in performing the functions herein described may comprise instructions stored within program code considered part of the operating system 12e, instructions stored within program code considered part of an application 12f or instructions stored within program code allocated between the operating system 12e and the application 12f. The memory 12b may comprise random access memory or a combination of random access memory and read only memory. The clients 12 include a network interface 12d for coupling the respective client to the network 10 and may optionally include secondary storage 12c.

The file server 14 is depicted generally in Fig. 2b and may comprise a storage subsystem in the form of an intelligent hard disk array or any other data storage subsystem suitable for accessing data in response to requests issued to the file server 14 by clients communicably coupled to the file server 14 via the network 10. More specifically, the file server 14 typically includes a processor 14a which is operative to execute programmed instructions out of an instruction memory 14b. The instructions executed in performing the file server functions herein described may comprise instructions stored within program code considered part of the file server operating system 14e, instructions stored within program code considered part of a file server application 14f or instructions stored within program code allocated between the file server operating system 14e and the file server application 14f. The memory 14b may comprise random access memory or a combination of random access memory and read only memory. The file server 14 includes a network interface 14d for coupling the file server 14 to the network 10 and includes secondary storage 14c for storing encrypted data forwarded from the clients 12 along with associated access control lists as discussed hereinafter in greater detail.

The group server 16 is generally depicted in Fig. 2c. The group server 16 is employed in specific embodiments which support the distribution of encrypted data among groups having a plurality of clients or other groups as members. The group server 16 typically includes a processor 16a which is operative to execute programmed instructions out of an instruction memory 16b. The instructions executed in performing the group server functions herein described may comprise instructions stored within program code considered part of the group server operating system 16e, instructions stored within program code considered part of a group server application 16f or instructions stored within program code allocated between the group server operating system 16e and the group server application 16f. The memory 16b may comprise random access memory or a combination of random access memory and read only memory. The group server 16 includes a network interface 16d for coupling the group server 16 to the network 10 and includes secondary storage 16c for storing encrypted data forwarded from the clients 12 along with associated access control lists as discussed hereinafter in greater detail.
A first system for securely storing data on the file server 14 and securely distributing the data among clients 12 authorized to obtain access to the data is described below with reference to Figs. 1, 3a-3d and 4a-4d. When a client, such as client Ca, desires to store data on a non-secure file server, such as the file server 14, the client Ca encrypts the data with a first encryption key K1e having a corresponding first decryption key K1d. For brevity, the first decryption key K1d appears as the key K within the braces in the Figures and the first encryption key appears as the key K outside of the braces and as a subscript. In a preferred embodiment, the first encryption key and the first decryption key comprise a single symmetric key, although the first encryption key and the first decryption key may comprise public and private keys or a public key pair. For purposes of reference, the data to be stored on the file server 14 is referred to as data or file F.
After encrypting the data F, the client Ca encrypts the first decryption key K1d with a second encryption key K2e having a corresponding second decryption key K2d known to the client Ca. In a preferred embodiment the second encryption key K2e comprises the public key of a public key pair owned by the client Ca. Thus, the encrypted first decryption key can only be decrypted by the client 12 which owns or has access to the private key of the public key pair, which typically would be only client Ca. The encrypted data and the encrypted first decryption key K1d along with a client or group identifier are forwarded over the network 10 by the client 12 Ca for receipt by the file server 14. As illustrated in Fig. 3a, the file server 14 stores the received encrypted first decryption key along with the client identifier Ca in an access control list. The access control list may be stored separately from the associated encrypted data as depicted in Fig. 3a or, alternatively, stored in a header along with the encrypted data file as illustrated in Fig. 4a.

Since, in the present example, the first decryption key has been encrypted with only the second encryption key having a second decryption key owned by client Ca, only client Ca can presently obtain access to the encrypted data. The client Ca 12 may access the data stored on the file server 14 as follows. The client Ca issues a request to the file server 14 to access the data. In the present embodiment, the file server 14 compares the client identifier Ca to the client identifiers stored within the access control list as depicted in Fig. 3a. Since the client identifier of the client 12 issuing the request to the file server 14 matches the client identifier Ca in the access control list, the file server 14 retrieves the corresponding encrypted first decryption key (encrypted with the public key of client Ca) and returns the encrypted first decryption key along with the encrypted data to the client Ca. The client Ca, upon receipt of the encrypted first decryption key K1d (which was encrypted with the client Ca's public key) and the encrypted data, decrypts the encrypted first decryption key K1d to obtain the unencrypted first decryption key and then decrypts the data F using the first decryption key. In this manner, the data F may be securely stored on the file server 14 and retrieved by the client 12 that initially stored the data. While in the above example the file server 14 compared the client identifier of the client requesting the data to the client identifier within the access control list to identify the encrypted first decryption key to be returned, the file server 14 may instead return to the requesting client the entire access control list.

In many circumstances, it is desirable to be able to have one client 12 store data on the file server 14 while allowing other authorized clients 12 to access the data. The following example illustrates key distribution mechanisms which allow keys to be distributed so that encrypted data stored on a non-secure file server 14 may be accessed by a number of authorized clients 12 and group members.

Referring to Figs. 3b and 4b, and continuing with the example depicted in Figs. 3a and 4a, assume that client Ca desires to permit clients Cb and Cc access to the encrypted data F stored on the file server 14 by the client Ca. In this circumstance, the client Ca retrieves the access control list for the encrypted data F stored on the file server 14, obtains the first decryption key by decrypting the encrypted first decryption key and encrypts the first decryption key K1d with each of the public keys of the public key pairs of clients 12 Cb and Cc. The client Ca then appends the additional encrypted first decryption keys to the access control list along with the client identifiers for the respective encrypted first decryption keys as depicted in Fig. 3b. The modified access control list is forwarded by the client Ca to the file server 14 and the modified access control list is stored on the file server 14 as indicated in Fig. 3b. Alternatively, the modified access control list is stored as a header in conjunction with the encrypted data F as depicted in Fig. 4b. In response to a request to access the data F from any one of the authorized clients Ca, Cb or Cc, the file server compares the client identifier of the requesting client and returns the applicable encrypted first decryption key along with the encrypted data F or, alternatively, returns to the requesting client the entire access control list as it then exists along with the encrypted data F. If a single encrypted first decryption key is returned, the requesting client 12 decrypts the encrypted first decryption key with the private key of its public key pair and utilizes the decrypted first decryption key to decrypt the encrypted data F. If the entire access control list is returned to the requesting client, the requesting client compares its client identifier to the client identifiers within the access control list to select the applicable encrypted first decryption key to be employed in the data decryption process. In the above-described manner, the client 12 that initially stored the encrypted data F has added to the access control list encrypted decryption key entries which allow other authorized clients to decrypt the stored data.

Continuing with the present example, and as depicted in Figs. 3c and 4c, clients 12 that are authorized to access the data F may authorize other clients 12 to access the data F. For example, assume that client Cc, which has been authorized to access the encrypted data F, desires to add client Cd to the access control list so that client Cd is authorized to access the encrypted data F. In this circumstance, as described above, client Cc retrieves the access control list associated with the data F. Client Cc then retrieves the unencrypted first decryption key by decrypting the encrypted first decryption key that had been encrypted utilizing Cc's public key. Client Cc then encrypts the first decryption key using client Cd's public key. After encrypting the first decryption key with client Cd's public key, the client identifier Cd and the encrypted first decryption key for client Cd are appended to the access control list and the modified access control list is forwarded to the file server 14. The modified access control list is stored on the file server 14 as depicted in Fig. 3c or, alternatively, in conjunction with the encrypted data as depicted in Fig. 4c.

In response to a request to access the encrypted data F initiated by client Cd, the file server returns to the client Cd either the applicable encrypted first decryption key which was encrypted using client Cd's public key along with the encrypted data F or, alternatively, the entire current access control list along with the encrypted data F as discussed above. It should be noted that the access control list may be modified by appending the new entries to the list rather than forwarding the entire modified access control list to the file server 14 for storage.

Groups of clients 12 may also be authorized to obtain access to the encrypted data F stored on the file server 14. For example, referring to Fig. 1, assume that a group Gi is composed of clients Ce and Cf. Member clients 12 belonging to the group Gi may be provided access to the encrypted data F stored on the file server 14 as described below. The group Gi is provided with a public key pair comprising a group public key and a group private key. In a first embodiment for servicing groups of clients, each of the member clients within the group Gi is provided with the group private key so that each group member can decrypt information encrypted using the group public key. A client or a client member of a group previously authorized to obtain access to the encrypted data F may add the group Gi to the access control list in the manner previously described. More specifically, continuing with the prior example, assume that client Cd desires to add group Gi to the access control list. In this circumstance, client Cd retrieves either its own encrypted first decryption key or, alternatively, retrieves the then current access control list from the file server 14. The client Cd decrypts the encrypted first decryption key to obtain the unencrypted first decryption key and encrypts the first decryption key using the public key of the group Gi. The first decryption key encrypted with the public key of group Gi is then appended to the access control list and the modified access control list is forwarded to the file server 14. Alternatively, the client Cd may forward to the file server 14 the encrypted first decryption key for the group Gi to be appended to the access control list as depicted in Fig. 3d or stored in conjunction with the encrypted data F as illustrated in Fig. 4d. In response to a request to access the file from a client 12 which is a member of the group Gi, the file server returns the applicable encrypted first decryption key for the group along with the encrypted data F or, alternatively, returns the entire access control list along with the encrypted data F as discussed above. The requesting client which is a member of the group Gi can decrypt the encrypted first decryption key to obtain the unencrypted first decryption key using the group private key and then decrypt the encrypted data F using the unencrypted first decryption key.

While the provision of the group private key to the group members has certain advantages in terms of processing efficiency, this approach also has certain disadvantages. In particular, if a group member ceases to be a member of the group, the public key pair for the group would need to be modified to prevent the former group member from accessing the files based upon the client's former membership in the group. Additionally, access control list entries for the group would need to be re-encrypted such that the list would contain the first decryption key encrypted with the new group public key.

In another embodiment which is operative to service requests for files from members of a group, a group server 16 depicted in Fig. 1 is employed to decrypt an encrypted copy of the first encryption key. A client 12 or group server 16 encrypts the first decryption key with the public key of the group server 16 and modifies the access control list or the header of the encrypted data stored on the file server 14 to include the group identifier and the encrypted first decryption key as depicted in Figs. 3d or 4d. In response to a request from a client 12 that is a member of group Gi for access to data stored in encrypted form on the file server 14, the file server 14, as described above, returns the encrypted data to the requesting client 12 along with either the encrypted first decryption key (encrypted with the group server public key) for the group Gi or, alternatively, returns to the requesting client 12 the entire access control list. The requesting client 12, upon receipt of the encrypted key or the access control list, forwards at least the encrypted first decryption key for the group Gi (encrypted with the group server 16 public key) to the group server 16. The group server 16 then determines whether the client that forwarded the encrypted first decryption key for decryption is a member of the respective group. If the client that forwarded the request is not a member of the group, the group server 16 does not proceed with the decryption of the encrypted first decryption key. If the client that forwarded the request is a member of the group, the group server 16 decrypts the encrypted first decryption key with the group server private key to obtain the unencrypted first decryption key. The group server 16 then forwards the first decryption key to the group member via a secure channel. The secure channel may comprise a physically secure channel or, alternatively, may comprise an encrypted message forwarded to the respective client over a non-secure communications link. For example, the group server 16 may encrypt the first decryption key with the public key of the respective client 12 or, alternatively, with a symmetric key shared between the group server 16 and the respective client 12. If the first decryption key is encrypted with the public key of the client 12, only the client 12 having the corresponding private key can decrypt the encrypted first decryption key which was encrypted with the respective client's public key. Upon receipt and decryption of the encrypted first decryption key, the client that initiated the request for data can utilize the unencrypted first decryption key to decrypt the encrypted data retrieved from the file server 14. The utilization of a group server 16 to perform decryption and forwarding of the first decryption key to the client group member that requested data from the file server 14 avoids the need to assign a new public key pair in the event that a client ceases to be a group member and, additionally, avoids the need to update the access control list should a group member exit the group. It should also be noted that a symmetric key may be employed between the group server 16 and a client group member to establish the secure channel over the non-secure communications link.
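
The following Python is an added illustration, not code from the patent, that models the scheme of Figs. 3a-3d and the group-server embodiment just described and traces the client steps of Figs. 5, 6 and 8: the non-secure file server holds only ciphertext and identifier-keyed access control list entries, each grant re-wraps the first decryption key to a new public key, and the group server unwraps the group's entry for current members only. Clients Ca-Cf, group G1 and file F follow the text's example; the primitives are assumptions, since the page names none: hashed-ElGamal key wrapping over the RFC 2409 1024-bit MODP group and an HMAC-SHA256 stream cipher with an HMAC tag stand in for a vetted public-key scheme and AEAD so the code runs on the standard library alone.

```python
# Constructed model of the scheme described above, not the patent's or any product's
# code. Hashed ElGamal over the RFC 2409 1024-bit MODP group wraps keys; HMAC-SHA256
# in counter mode plus an HMAC tag encrypts payloads. Both are stdlib-only stand-ins.
import hashlib, hmac, secrets

P = int("FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
        "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
        "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
        "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF", 16)
G = 2

def keypair():                              # (private exponent, public value)
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def _subkeys(key):                          # distinct keys for keystream and tag
    return [hmac.new(key, t, hashlib.sha256).digest() for t in (b"enc", b"mac")]

def _xor_stream(ek, nonce, data):           # HMAC-SHA256 as a counter-mode PRF
    ks = b"".join(hmac.new(ek, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                  for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def sym_encrypt(key, data):                 # encrypt-then-MAC under a random nonce
    ek, mk = _subkeys(key)
    nonce = secrets.token_bytes(16)
    ct = _xor_stream(ek, nonce, data)
    return nonce + ct + hmac.new(mk, nonce + ct, hashlib.sha256).digest()

def sym_decrypt(key, blob):
    ek, mk = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mk, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("ciphertext or ACL entry fails authentication")
    return _xor_stream(ek, nonce, ct)

def wrap(pub, file_key):                    # first decryption key -> ACL entry for pub
    eph_priv, eph_pub = keypair()
    kek = hashlib.sha256(pow(pub, eph_priv, P).to_bytes(128, "big")).digest()
    return eph_pub.to_bytes(128, "big") + sym_encrypt(kek, file_key)

def unwrap(priv, entry):                    # only the matching private key succeeds
    shared = pow(int.from_bytes(entry[:128], "big"), priv, P)
    return sym_decrypt(hashlib.sha256(shared.to_bytes(128, "big")).digest(), entry[128:])

class FileServer:                           # non-secure: sees ciphertext and ACL only
    def __init__(self):
        self.files = {}                     # name -> [ciphertext, {identifier: entry}]
    def store(self, name, ciphertext, acl):
        self.files[name] = [ciphertext, dict(acl)]
    def append_acl(self, name, entries):    # append new entries, not the whole list
        self.files[name][1].update(entries)
    def fetch(self, name, requester_id):    # Fig. 7: match identifier, return one entry
        ciphertext, acl = self.files[name]
        return (ciphertext, acl[requester_id]) if requester_id in acl else None

class Client:
    def __init__(self, cid, server):
        self.cid, self.server = cid, server
        self.priv, self.pub = keypair()     # second decryption / encryption keys
    def store(self, name, data):            # Fig. 5: fresh symmetric first key
        file_key = secrets.token_bytes(32)
        self.server.store(name, sym_encrypt(file_key, data),
                          {self.cid: wrap(self.pub, file_key)})
    def _fetch_key(self, name):
        got = self.server.fetch(name, self.cid)
        if got is None:
            raise PermissionError(f"no ACL entry for {self.cid}")
        return got[0], unwrap(self.priv, got[1])
    def read(self, name):                   # Fig. 8
        ciphertext, file_key = self._fetch_key(name)
        return sym_decrypt(file_key, ciphertext)
    def grant(self, name, grantee_id, grantee_pub):   # Fig. 6: re-wrap and append
        _, file_key = self._fetch_key(name)
        self.server.append_acl(name, {grantee_id: wrap(grantee_pub, file_key)})
    def read_via_group(self, name, gs):     # member presents the group's identifier
        got = self.server.fetch(name, gs.gid)
        return sym_decrypt(unwrap(self.priv, gs.unwrap_for_member(self, got[1])), got[0])

class GroupServer:                          # group private key never leaves here
    def __init__(self, gid, members):
        self.gid, self.members = gid, set(members)
        self.priv, self.pub = keypair()
    def unwrap_for_member(self, member, entry):
        if member.cid not in self.members:  # departed members are refused; no re-keying
            raise PermissionError(f"{member.cid} is not a member of {self.gid}")
        return wrap(member.pub, unwrap(self.priv, entry))   # "secure channel" to member

def demo():                                 # Figs. 3a-3d: Ca -> Cb, Cc; Cc -> Cd; Cd -> G1
    server = FileServer()
    ca, cb, cc, cd, ce, cf = (Client(c, server) for c in ("Ca", "Cb", "Cc", "Cd", "Ce", "Cf"))
    ca.store("F", b"constructed sample file contents")
    for c in (cb, cc):
        ca.grant("F", c.cid, c.pub)
    cc.grant("F", cd.cid, cd.pub)
    gs = GroupServer("G1", {"Ce", "Cf"})
    cd.grant("F", gs.gid, gs.pub)
    results = {c.cid: c.read("F") for c in (ca, cb, cc, cd)}
    results["Ce"] = ce.read_via_group("F", gs)
    gs.members.discard("Cf")                # Cf leaves the group
    try:
        results["Cf"] = cf.read_via_group("F", gs)
    except PermissionError:
        results["Cf"] = "refused"
    return results
```

Calling demo() returns the recovered plaintext for Ca through Ce and "refused" for the departed member Cf, with neither the group key pair nor the access control list changed.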

The method employed at a client 12 to store data on the non-secure file server 14 while using non-encrypted client and group identifiers to identify encrypted first decryption keys in the access control list is illustrated in Fig. 5. Referring to Fig. 5, the client 12 (or group member) first obtains the data to be stored on the non-secure file server 14 as illustrated in step 20. The data may comprise a file generated by the client, such as a text file or any other file generated by the client 12, a database, information obtained by the client 12 from another client, or any other form of information or data that the client desires to store on the non-secure file server 14. The client 12 next encrypts the data to be stored on the file server 14 with a first encryption key having an associated first decryption key as illustrated in step 22. The client 12 also encrypts the first decryption key with a second encryption key having an associated second decryption key known to the respective client or group as depicted in step 24. A first key identifier is associated with the encrypted first decryption key as shown in step 26. In the event the client 12 is storing the data for its own decryption, the key identifier would correspond to the respective client 12 identifier; i.e., if the client Ci is storing the encrypted data on the non-secure file server for its own retrieval, the client Ci associates the key identifier Ci in unencrypted form with the encrypted first decryption key encrypted with the client Ci second encryption key. The client Ci may encrypt the first encryption key with its own public key and use its own client identifier Ci as the key identifier. In the event the data is first to be stored in the file server 14 on behalf of a group Gi, the group member or group server that is storing the data on the file server 14 encrypts the first decryption key with a second encryption key having an associated second decryption key which is either published to the group members or, alternatively, retained by the group server 16. The client 12 or group server 16 associates the group key identifier Gi with the encrypted first decryption key and forwards the key identifier, the encrypted first decryption key and the encrypted data to the file server 14 for storage as illustrated in step 28.
Fig. 6 illustrates the method for modifying the access control list that is employed at a client (or group server if applicable) authorized to obtain access to the encrypted data stored on the non-secure file server 14. Assume that a first client 12 that is authorized to access the stored data desires to authorize a second client to access the stored data. As depicted in step 40, the first client 12 that is authorized to access the stored data obtains the encrypted first decryption key associated with its key identifier. This may occur in a number of ways. If the first client 12 is in possession of the first decryption key, the first client need not obtain the encrypted first decryption key from the file server 14. In the event the first client 12 does not have the encrypted first decryption key in its possession, or as a default, the first client 12 may request that the encrypted first decryption key associated with the first client's key identifier be returned from the file server 14. Alternatively, the first client 12 may request that the then existing access control list (which includes the encrypted first encryption key encrypted with the first client's second encryption key) be returned from the file server 14. The objective of this step is simply to obtain at the first client a copy of the unencrypted first encryption key. If the first client 12 retrieves an encrypted copy of the first encryption key from the file server 14, the client 12 decrypts the respective encrypted first decryption key with its second decryption key to obtain the unencrypted first decryption key. As previously discussed, the second encryption and decryption keys are preferably the respective public and private keys of the public key pair owned by the respective client 12. Alternatively, symmetric keys may be employed which are shared among the clients 12 that are authorized to access the stored data and authorized to modify the access control list.

After obtaining the unencrypted first decryption key, the first client 12 that desires to modify the access control list obtains a second encryption key of a second client 12 to be provided access to the stored data. The second client's second encryption key has an associated second decryption key. As discussed above, the second client's second encryption key and second decryption key are preferably the public and private keys of a public key pair owned by the added client. The first decryption key is encrypted by the first client 12 using the second encryption key of the second client, as depicted in step 42. The second client key identifier is then associated with the second client's encrypted first decryption key, as depicted in step 44. Thereafter, the second client key identifier and the second client's encrypted first decryption key are appended to the access control list, as illustrated in step 46. This information may be appended to the access control list in a number of ways. For example, the access control list may be retrieved by the first client, and the first client may append the second client key identifier and encrypted first decryption key to the prior access control list to form the modified access control list. Alternatively, the new key identifier and encrypted first decryption key may be forwarded to the file server 14 and added to the access control list by the file server 14 in response to a request issued by the first client. Finally, if the access control list is stored as a header to the encrypted data stored on the file server 14, the header is modified to correspond to the modified access control list. Thus, any client that is authorized to access the data stored on the non-secure file server 14 may modify the access control list to authorize other clients or groups to access the stored data.

Fig. 7 illustrates the operation of the file server 14 in response to a request for stored data from a client 12 authorized to access such data. As indicated in step 60, a client authorized to access data stored on the non-secure file server 14 issues a request to the file server 14 to retrieve the data. In response, the file server 14 retrieves the encrypted data and at least the encrypted first decryption key associated with the requesting client 12, as shown in step 62. More specifically, the file server 14, upon receipt of the request for data, may retrieve the data along with the relevant encrypted first decryption key by retrieving from the access control list the key associated with the client or group identifier that issued the request. By retrieving only the needed key with the encrypted data and forwarding only the needed key to the requesting client 12, network bandwidth is conserved. Alternatively, the file server 14, in response to a request for data, may retrieve the entire access control list and return the entire access control list and the encrypted data to the client. In either case, the file server 14 forwards to the client 12 that issued the request the encrypted data along with at least the relevant encrypted first decryption key, as depicted in step 64.

Prior to forwarding the encrypted data and the encrypted first decryption key to a requesting client, the file server 14 may perform a test to authenticate the client and ascertain whether the requesting client is included on the access control list. If the client is not included on the access control list, the file server may decline to return to the requesting client the encrypted data and/or the encrypted first decryption keys.

F<br>ig. 8 illustrates the operation of a client 12 that desires to retrieve data stored on the non-secure file server 14. As illustrated at step 80, the client 12 (e.g. client Cb, or a group member such as Ce in group Gi) that desires to retrieve data from the file server 14 issues a request to the file server for the particular data. Typically, the request will be in the form of a request to access data having a known file name. As illustrated in step 82, in response to the request, the requesting client receives from the file server 14 at least one encrypted decryption key for decrypting the encrypted data, along with the encrypted data. As discussed above with respect to Fig. 7, the client 12 that issued the request may receive a single encrypted first decryption key (if the file server parses the request to identify the needed key from the stored access control list) or, alternatively, the full access control list (in which case the requesting client identifies the needed key). Additionally, as discussed above, if the requesting client is a member of a group, the encrypted key or access control list, as applicable, may be forwarded to the group server 16 for decryption of the relevant encrypted first decryption key, and the unencrypted first decryption key is then securely communicated to the respective group member. The requesting client 12 or group member thus obtains an unencrypted copy of the first decryption key, as depicted in step 84, and the unencrypted first decryption key is utilized to decrypt the encrypted data, as shown in step 86.
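The store, grant and retrieve steps of Figs. 5 through 8, carried through in code as an added example (editor-supplied; it is not the patent's own code nor an implementation by its assignee). Assumptions, none of which the text fixes: the first key is a 32-byte AES-256-GCM key, every second key pair is RSA-2048 used with OAEP, the access control list is a map from the in-the-clear client identifier to that client's wrapped copy of K, and the server trusts the transport to have already authenticated the requesting client's identifier. The names StoredFile, Store, Grant, ServeRequest, Retrieve and NewKey are this example's own.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// StoredFile is everything the non-secure server holds; K never reaches it.
type StoredFile struct {
	Data []byte            // 12-byte GCM nonce || ciphertext || tag
	ACL  map[string][]byte // client identifier (in the clear) -> K wrapped for that client
}

func NewKey() *rsa.PrivateKey { // stands in for one party's key pair (assumed RSA-2048)
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return k
}

func newGCM(k []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(k)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Store (Fig. 5): fresh K, encrypt the data, wrap K for the owner with RSA-OAEP.
func Store(ownerID string, ownerPub *rsa.PublicKey, plaintext []byte) (*StoredFile, error) {
	buf := make([]byte, 32+12) // K followed by the GCM nonce
	if _, err := rand.Read(buf); err != nil {
		return nil, err
	}
	k, nonce := buf[:32], buf[32:]
	gcm, err := newGCM(k)
	if err != nil {
		return nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, ownerPub, k, nil)
	if err != nil {
		return nil, err
	}
	return &StoredFile{gcm.Seal(nonce, nonce, plaintext, nil), map[string][]byte{ownerID: wrapped}}, nil
}

// Grant (Fig. 6): a client on the ACL unwraps K, re-wraps it for the new client, adds the entry.
func Grant(f *StoredFile, granterID string, granterPriv *rsa.PrivateKey, newID string, newPub *rsa.PublicKey) error {
	wrapped, ok := f.ACL[granterID]
	if !ok {
		return fmt.Errorf("granter %q is not on the access control list", granterID)
	}
	k, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, granterPriv, wrapped, nil)
	if err != nil {
		return err
	}
	wrappedNew, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, newPub, k, nil)
	if err != nil {
		return err
	}
	f.ACL[newID] = wrappedNew // the data itself is never re-encrypted
	return nil
}

// ServeRequest (Fig. 7): ciphertext plus only the requester's entry, or a refusal.
func ServeRequest(f *StoredFile, clientID string) (*StoredFile, error) {
	wrapped, ok := f.ACL[clientID]
	if !ok {
		return nil, fmt.Errorf("client %q is not on the access control list", clientID)
	}
	return &StoredFile{f.Data, map[string][]byte{clientID: wrapped}}, nil
}

// Retrieve (Fig. 8): unwrap K from the returned entry, then decrypt and verify.
func Retrieve(resp *StoredFile, clientID string, priv *rsa.PrivateKey) ([]byte, error) {
	k, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, resp.ACL[clientID], nil)
	if err != nil {
		return nil, err
	}
	gcm, err := newGCM(k)
	if err != nil || len(resp.Data) < 12 {
		return nil, fmt.Errorf("unusable key or truncated stored file")
	}
	return gcm.Open(nil, resp.Data[:12], resp.Data[12:], nil)
}

func main() {
	ca, cb := NewKey(), NewKey()
	f, _ := Store("Ca", &ca.PublicKey, []byte("constructed sample payload"))
	_ = Grant(f, "Ca", ca, "Cb", &cb.PublicKey)
	resp, _ := ServeRequest(f, "Cb")
	pt, _ := Retrieve(resp, "Cb", cb)
	fmt.Printf("Cb recovered %q; ACL holds %d entries\n", pt, len(f.ACL))
}
```

Two properties worth checking against the description: the membership test in ServeRequest only conserves bandwidth and refuses outsiders politely, since an entry is useless without the matching private key, so confidentiality never rests on the server; and nothing in the scheme as described authenticates the access control list itself, so a hostile server can still delete or roll back entries (denying access, not disclosing data). Sealing the payload with an AEAD rather than a bare cipher, as done here, at least makes Retrieve reject an altered ciphertext instead of decrypting it to garbage.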

In the embodiments described above, the client and group identifiers stored in the access control list or data header on the file server 14 are stored in unencrypted form or, as referred to in the trade, "in the clear". Thus, the file server 14 and users having access to the file server can learn the identities of the clients and groups that are authorized to access given data, even if such users cannot access the encrypted data or the encrypted key associated with the respective identifiers. In certain environments it may be desirable to preclude the file server and unauthorized users from obtaining even client and group identifying information. To prevent access to client and group identifiers while still permitting secure storage of data on a non-secure file server, variations of the above-described techniques are employed. These embodiments are described with respect to the access control list examples illustrated in Figs. 9a through 9d and the message payload data illustrated in Figs. 10a through 10d.

By way of example, assume that client Ca desires to store data on the non-secure file server 14. The client Ca encrypts the data with a first encryption key having an associated first decryption key. As discussed above, the first encryption and decryption keys are preferably a symmetric key, but a public key pair may be employed. The client Ca appends the unencrypted first decryption key "K" to an unencrypted client identifier or unencrypted check value "X" and encrypts the data stream {XK} with a second encryption key having an associated second decryption key known to client Ca. The second encryption key in a preferred embodiment is the public key of a public key pair owned by the client Ca. The value X may be the client identifier (or group identifier) for the client Ca storing the data or, alternatively, a secret value or a value known to the client Ca. For purposes of illustration in the present example it will be assumed that the value X is the client identifier Ca and that the client identifier occupies a predetermined number of bytes. The encrypted data stream along with the encrypted data is forwarded by the client Ca to the file server 14. The encrypted data stream {XK} is stored in an access control list as depicted in Fig. 9a and associated with the stored encrypted data. Alternatively, the encrypted data stream is stored as a header to the encrypted data as depicted in Fig. 10a.

In response to a request from the client Ca to read the data stored on the file server 14, the file server returns the access control list for the encrypted data along with the encrypted data. The client Ca then attempts to decrypt each encrypted data stream in the access control list with its second decryption key, which, in the present example, comprises the private key of client Ca. In the initial example depicted in Fig. 9a the access control list includes a single entry. After decrypting the encrypted data stream with client Ca's second decryption key, client Ca strips off an initial predetermined number of bytes from the decrypted data stream and compares the initial byte value to the client identifier for the client Ca. If the values compare, the data which follows is the unencrypted first decryption key. The first decryption key is then used to decrypt the encrypted data that was retrieved from the file server. If the values do not compare, the remaining encrypted data streams in the access control list are decrypted using the respective second decryption key to determine which data stream includes the first decryption key that was encrypted with the respective client's second encryption key. Upon decrypting the proper data stream, the first decryption key is used to decrypt the encrypted data. It is noted that the present embodiment, in which client and group identifiers are not in the clear, is more compute intensive, since the encrypted data streams must be sequentially decrypted to locate the data stream that was initially encrypted using the respective client's second encryption key. Additionally, as discussed hereinafter, the situation is more complex when the access control list includes an encrypted data stream which may only be decrypted by a group server.

By way of further example, assume that client Ca desires to authorize clients Cb and Cc to access the encrypted file. This is accomplished by modifying the access control list. More particularly, the client Ca obtains the first decryption key. If the first decryption key has not been retained within the client Ca, client Ca retrieves the access control list from the file server 14 and decrypts the entries in the access control list with client Ca's second decryption key until the entry encrypted with client Ca's second encryption key is located. After decrypting the data stream {XK} that includes the value X which corresponds to the client's identifier, the corresponding first decryption key is used by the client Ca to generate new data stream entries for inclusion in a modified access control list. In particular, referring to Fig. 9b, the first decryption key (K) is appended to the client identifier for client Cb (X) and the combined data stream is encrypted with the second encryption key for the client Cb. Additionally, the first decryption key (K) is appended to the client identifier for client Cc (X) and the combined data stream is encrypted with the second encryption key for the client Cc. The encrypted data streams are then added to the access control list as shown in Fig. 9b or included in the header of the encrypted data as illustrated in Fig. 10b.

In the event one of the clients 12 authorized to access the data stored in encrypted form on the file server 14 issues a request to the file server 14 to access the data, the file server returns the entire access control list along with the encrypted data. The requesting client 12 decrypts each successive encrypted data stream and tests the decrypted value X against its own client identifier (or check value) to identify the first decryption key that was encrypted with the respective client's second encryption key. The first decryption key is then used to decrypt the encrypted data.

Any client 12 that is authorized to access the data stored on the file server 14 can authorize another client 12 to access the stored data. For example, referring to Figs. 9c and 10c, any of clients Ca, Cb and Cc can modify the access control list to authorize client Cd to access the stored data, as described above with respect to Figs. 9b and 10b.

Groups of clients may also be authorized to access data stored on the non-secure file server 14 without using unencrypted group identifiers. Assume that client Cc desires to authorize group Gi to access the encrypted data stored on the file server 14. In such event, client Cc obtains the first decryption key as discussed above. Client Cc then appends the first decryption key to the group identifier Gi to form a data stream and encrypts the data stream with a second encryption key which has a corresponding second decryption key owned by the group Gi. In a preferred embodiment, the second encryption key comprises the public key of the group Gi and the second decryption key comprises the private key of the group Gi. The second decryption key for the group Gi may be distributed among the members of the group or, alternatively, retained by a group server such as group server 16. The encrypted data stream is added to the access control list as depicted in Fig. 9d or, alternatively, included in the header of the encrypted data as depicted in Fig. 10d. In the event the group Gi members are provided with the group Gi second decryption key, a group member retrieves the stored data as follows. Assume group Gi includes clients Ce and Cf. In the event client Cf issues a request to the file server 14 for the stored data, the file server 14 returns the entire access control list (e.g. the access control list depicted in Fig. 9d) along with the encrypted data. Client Cf may not be authorized to access the file individually, but may be authorized to access the data as a member of the group Gi. In such event, the client Cf first attempts to decrypt the data streams within the retrieved access control list using its own client second decryption key, and none of the values X will match the client Cf identifier following decryption of the data streams. The client Cf may then attempt to decrypt the encrypted data streams within the access control list using the group Gi second decryption key. This effort will result in the identification of the group identifier Gi within one of the decrypted data streams. Upon identifying the group identifier Gi, client Cf uses the associated first decryption key to decrypt the encrypted data.

To avoid the problems discussed above with respect to the distribution of the group second decryption key, instead of distributing the group second decryption key to the group members, the key may be retained by the group server 16. If the client Cf is unable to decrypt an encrypted data stream within the access control list using its own second decryption key (e.g. the client Cf private key), client Cf forwards the access control list to the group server 16, which attempts to decrypt the encrypted data streams within the access control list using the group server second decryption key (e.g. the group Gi private key). Upon recognizing the group Gi identifier, the group server extracts the first decryption key from the applicable data stream and forwards the first decryption key via a secure channel to the client Cf that issued the initial request for the data stored on the non-secure file server 14. The first decryption key may be forwarded over a secure physical channel or, alternatively, may be encrypted with an encryption key having an associated decryption key known to the client Cf. The client Cf may then utilize the first decryption key obtained from the group server 16 to decrypt the encrypted data.

While in the above example client Cf attempted to decrypt the data streams within the retrieved access control list before forwarding the list to the group server 16, it should be appreciated that the client Cf may instead forward the access control list to the group server 16 first and not initiate decryption of the data streams within the retrieved access control list until results are received from the group server 16. Alternatively, the client Cf may initiate decryption of the data streams within the retrieved access control list with its own second decryption key while forwarding the access control list to the group server 16 for decryption of the data streams within the access control list in parallel. In this manner, the average time to obtain the first decryption key, and thus to decrypt the encrypted data, may be reduced.

The above-described examples illustrate the use of encrypted client and group identifiers. As mentioned above, a password or known check value may be employed as the value X to which the first decryption key is appended. The known value will only be produced by a client decrypting the data stream with the second decryption key corresponding to the second encryption key with which the respective data stream was encrypted.
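The hidden-identifier embodiment of Figs. 9a through 10d, including the group-server path and the check-value option above, as an added example (editor-supplied; it is not the patent's own code nor an implementation by its assignee). It assumes RSA-OAEP under a 2048-bit key for every second encryption key, a fixed eight-byte field for X that is zero-padded (the "predetermined number of bytes"), and an opaque 32-byte K; encrypting the data itself with K is the same as in the in-the-clear embodiment and is left out. The names MakeEntry, FindKey, GroupServerRelease, MemberUnwrap, NewKey and xLen are this example's own.

```go
package main

import (
	"bytes"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// xLen is the predetermined width of the check value X; shorter identifiers
// are zero-padded to it. Eight bytes is an assumption made for this example.
const xLen = 8

// NewKey stands in for one party's public/private key pair (assumed RSA-2048).
func NewKey() *rsa.PrivateKey {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return k
}

// padX rejects, rather than truncates, an X wider than xLen: truncation
// would let two distinct identifiers collide on their prefix.
func padX(x string) ([]byte, error) {
	if len(x) == 0 || len(x) > xLen {
		return nil, errors.New("check value must be 1 to xLen bytes")
	}
	out := make([]byte, xLen)
	copy(out, x)
	return out, nil
}

// MakeEntry builds one access-control-list entry: the stream {X K} encrypted
// under the recipient's public key (RSA-OAEP). Nothing identifying the
// recipient is stored in the clear.
func MakeEntry(pub *rsa.PublicKey, x string, k []byte) ([]byte, error) {
	xb, err := padX(x)
	if err != nil {
		return nil, err
	}
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, append(xb, k...), nil)
}

// FindKey is the sequential search of Figs. 9a-9d: try every entry with one
// private key and accept the first whose leading xLen bytes equal the
// expected X. Entries wrapped for another key fail OAEP decryption outright.
func FindKey(acl [][]byte, priv *rsa.PrivateKey, x string) ([]byte, bool) {
	want, err := padX(x)
	if err != nil {
		return nil, false
	}
	for _, entry := range acl {
		stream, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, entry, nil)
		if err != nil || len(stream) <= xLen || !bytes.Equal(stream[:xLen], want) {
			continue
		}
		return stream[xLen:], true
	}
	return nil, false
}

// GroupServerRelease is the path where the group's private key stays on the
// group server: locate the group's entry, then re-wrap K under the requesting
// member's own public key (claim 26's "third encryption key") for transit.
func GroupServerRelease(acl [][]byte, groupPriv *rsa.PrivateKey, groupID string, memberPub *rsa.PublicKey) ([]byte, error) {
	k, ok := FindKey(acl, groupPriv, groupID)
	if !ok {
		return nil, errors.New("group is not on the access control list")
	}
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, memberPub, k, nil)
}

// MemberUnwrap is the member's end of that transit: recover K with its own key.
func MemberUnwrap(memberPriv *rsa.PrivateKey, sealed []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, memberPriv, sealed, nil)
}

func main() {
	ca, cb, g1, cf := NewKey(), NewKey(), NewKey(), NewKey()
	k := []byte("constructed 32-byte file key K!!") // stands in for the file key K
	ea, _ := MakeEntry(&ca.PublicKey, "Ca", k)
	eb, _ := MakeEntry(&cb.PublicKey, "Cb", k)
	eg, _ := MakeEntry(&g1.PublicKey, "G1", k)
	acl := [][]byte{ea, eb, eg}       // three opaque blobs; nothing names Ca, Cb or G1
	_, own := FindKey(acl, cf, "Cf") // Cf is only a member of G1: no entry of its own
	sealed, err := GroupServerRelease(acl, g1, "G1", &cf.PublicKey)
	if err != nil {
		panic(err)
	}
	kf, _ := MemberUnwrap(cf, sealed)
	fmt.Println("Cf own entry:", own, "| K via group server:", bytes.Equal(kf, k))
}
```

With a padded, integrity-checked wrapping such as OAEP, decrypting someone else's entry already fails outright, so the comparison of X is a second check; with a raw cipher, which is the situation the description contemplates, the X comparison is the only signal, and a short X makes a false match likelier. The cost the description mentions is visible in FindKey: a lookup is up to one private-key operation per entry, and a group member pays for a second pass (or, as suggested above, a parallel one) with the group key.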

While in the above-described embodiments the file server 14 transmits encrypted information to a client in response to a request issued by the respective client, it should be appreciated that the file server may transmit such information in the absence of a specific request from a particular client. For example, the file server 14 may periodically transmit encrypted information along with one or more of the access control list entries to one or more of the clients 12. Additionally, such transmission may occur on a non-periodic basis in response to specified events.

Those skilled in the art should readily appreciate that computer programs operative to perform the functions herein described can be delivered to a client, file server or group server in many forms, including, but not limited to: (a) information permanently stored in non-writable storage media (e.g. read-only memory devices within a computer such as ROM, or CD-ROM disks readable by a computer I/O attachment); (b) information alterably stored on writable storage media (e.g. floppy disks, tapes, read/write optical media and hard drives); or (c) information conveyed to a computer through a communication medium, for example, using baseband or broadband signaling techniques, such as over computer or telephone networks via a modem. In addition, it should be appreciated that the presently described methods may be implemented in software executing out of a memory on the respective client, file server or group server processors. Alternatively, the presently described functions may be embodied in whole or in part using hardware components such as Application Specific Integrated Circuits (ASICs), state machines, controllers or other hardware components or devices, or a combination of hardware components and software processes, without departing from the inventive concepts herein described.

Those of ordinary skill in the art should further appreciate that variations to and modifications of the above-described methods and systems for granting access to a computer resource may be made without departing from the inventive concepts disclosed herein. Accordingly, the invention should be viewed as limited solely by the scope
and spirit of the appended claims.

CLAIMS

What is claimed is:

1. A method of operation at a file server comprising:

accessing at said file server (i) information encrypted with a first encryption key and (ii) an entry from an access control list, said entry being associated with said encrypted information and a client authorized to read and modify said encrypted information, wherein said entry comprises a first decryption key encrypted with a second encryption key and wherein said first decryption key is usable to decrypt said encrypted information; and

transmitting to said client said encrypted information and said entry.

2. The method of claim 1 further comprising, prior to said accessing step:

storing said information encrypted with said first encryption key on said file server; and

storing said entry on said file server.

3. The method of claim 1 wherein said transmitting step comprises the step of transmitting said encrypted information and said entry in response to a request from said client.

4. The method of claim 1 wherein said transmitting step comprises the step of transmitting to said requesting client said access control list.

5. The method of claim 1 wherein said first encryption key and said first decryption key are symmetric.

6. The method of claim 1 wherein said first encryption key comprises one of a public key and a private key of a first public/private key pair and said first decryption key comprises the other of said public key and said private key of said first public/private key pair.

7. The method of claim 2 wherein said step of storing said entry on said file server includes the step of storing in association with said entry an unencrypted identifier associated with said client.

8. The method of claim 2 wherein said step of storing said entry on said file server comprises the step of storing an access control list, wherein said entry comprises one entry of a plurality of entries within said access control list, and said entry includes said first decryption key combined with a check value to form a data stream, wherein said data stream is encrypted with a second encryption key associated with said client; and

said transmitting step comprises the step of transmitting to said requesting client said encrypted information and said access control list.

9. The method of claim 8 wherein said check value comprises a value known to said client.

10. The method of claim 8 wherein said check value comprises an identifier associated with said client.

11. The method of claim 10 wherein said identifier comprises a client identifier that serves to identify said client.

12. The method of claim 10 wherein said identifier comprises a group identifier that identifies a group of which said client is a member.

13. A method for securely storing information on a file server and distributing the stored information, said method comprising:

encrypting information at one of a plurality of clients in communication with said file server, said information being encrypted with a first encryption key having an associated first decryption key;

encrypting said first decryption key with a second encryption key for each of said plurality of clients authorized to read and modify said information, wherein each respective one of said second encryption keys has a corresponding second decryption key retained by the respective one of said plurality of clients;

storing said encrypted information on said file server and storing on said file server said encrypted first decryption keys as a plurality of entries within an access control list, wherein each one of said entries is associated with one of said plurality of clients;

forwarding to at least a selected one of said plurality of clients said encrypted information and at least one of said entries;

decrypting said encrypted first decryption key contained in said at least one of said entries utilizing the second decryption key corresponding to the second encryption key for the respective entry; and

decrypting said encrypted information using said first decryption key to obtain said information.
14. The method of claim 13 wherein said forwarding step comprises the step of forwarding said encrypted information and said at least one of said entries to said selected one of said plurality of clients in response to a request received at said file server from said selected one of said plurality of clients.

15. The method of claim 14 wherein said request includes a client identifier associated with said selected one of said plurality of clients, said entries each include a client identifier associated with one of said plurality of clients, and wherein said forwarding step includes the step of forwarding to at least said selected one of said plurality of clients said entry including the client identifier associated with the client identifier contained within said request.

16. The method of claim 13 wherein said forwarding step comprises the step of forwarding to said selected one of said plurality of clients said encrypted information and said access control list.

17. The method of claim 13 wherein said first encryption and decryption keys are symmetric.

18. The method of claim 13 wherein said second encryption and decryption keys are symmetric.

19. The method of claim 13 wherein said first encryption key comprises one of a public key and a private key of a first public/private key pair and the first decryption key comprises the other of said public key and said private key of said first public/private key pair.

20. A method for storing information securely on a file server for access by members of a group, said method comprising the steps of:

identifying the members of said group, wherein said group has a group identifier;

encrypting information with a first encryption key having an associated first decryption key;

encrypting said first decryption key with a group encryption key having an associated group decryption key for decrypting data encrypted with said group encryption key; and

storing said encrypted information on said file server and storing said encrypted first decryption key on said file server within an access control list associated with said encrypted information and containing, at least at some times, a plurality of encrypted first decryption keys.

21. A method for accessing information securely stored on a file server for access by members of a group, said method comprising:

identifying the members of said group, wherein said group has a group identifier;
encrypting information with a first encryption key having an associated first decryption key;

encrypting said first decryption key with a group encryption key having an associated group decryption key for decrypting data encrypted with said group encryption key;

storing said encrypted information on said file server and storing said encrypted first decryption key on said file server within an access control list associated with said encrypted information and containing, at least at some times, a plurality of encrypted first decryption keys;

in response to a request received at said file server from one of said members of said group, forwarding to said one of said members of said group said encrypted information and at least said encrypted first decryption key encrypted with said group encryption key;

in a first decrypting step, decrypting said encrypted first decryption key with said group decryption key to obtain said first decryption key; and

in a second decrypting step, decrypting said encrypted information using said first decryption key to obtain said information.

22. The method of claim 21 wherein said method further includes the step of distributing said group decryption key to said members of said group and said first decrypting step comprises the step of decrypting the encrypted first decryption key by said one of said members of said group using the distributed group decryption key.

23. The method of claim 21 wherein said first decrypting step comprises the steps of:

forwarding said encrypted first decryption key to a group server associated with said group identifier;

decrypting said encrypted first decryption key at said group server using said group decryption key; and

forwarding said first decryption key to said one of said group members.

24. The method of claim 23 wherein said step of forwarding said first decryption key to said one of said group members comprises the step of forwarding the first decryption key to said one of said group members over a secure channel.

25. The method of claim 24 wherein said secure channel is a physically secure channel.

26. The method of claim 24 wherein said secure channel comprises a non-secure communications path and said step of forwarding the first decryption key to said one of said group members over a secure channel comprises the steps of:

encrypting said first decryption key with a third encryption key having an associated third decryption key known to said one of said group members;

forwarding to said one of said group members said encrypted first decryption key encrypted with said third encryption key; and

decrypting, by said one of said group members, said encrypted first decryption key encrypted with said third encryption key using said third decryption key.

27. The method of claim 26 wherein said third encryption key comprises a public key of a member public/private key pair and wherein said third decryption key comprises the member private key of said member public/private key pair.

28. The method of claim 26 wherein said third encryption and decryption keys are symmetric.

29. The method of claim 21 wherein said first encryption and decryption keys are symmetric.

30. The method of claim 21 wherein said first encryption key comprises one of a public key and a private key of a first public/private key pair and the first decryption key comprises the other of said public key and said private key of said first public/private key pair.
31. A method for accessing information stored securely on a 
file server 

15 forwarding to said file server a request for 

information from a client; 

in response to said request, receiving from said file 
server said information encrypted with a first encryption 
key having an associated first decryption key and at least 

2 0 one access control list entry associated with a client 
authorized to read and modify said information, said 
received at least one entry including said first decryption 
key encrypted with a second encryption key having an 
associated second decryption key; 

25 decrypting said encrypted first decryption key using 

said second decryption key to obtain said first decryption 
key; and 

decrypting said encrypted information using said first 
decryption key. 

32. The method of claim 31 wherein said first encryption 
and decryption keys are symmetric. 
33. The method of claim 31 wherein said first encryption 
key comprises one of a public key and a private key of a 
first public/private key pair and the first decryption key 
comprises the other of said public key and said private key 
of said first public/private key pair. 

34. The method of claim 31 wherein said second encryption 
key comprises a public key of a member public/private key 
pair and said second decryption key comprises the private 
key of said member public/private key pair. 

35. A computer program product including a computer 
readable medium, said computer readable medium having a 
file server computer program stored thereon, said file 
server computer program for execution in a computer and 
comprising: 

program code for storing on said file server 
information encrypted with a first encryption key having a 
corresponding first decryption key; 

program code for storing on said file server an access 
control list, said access control list including at least 
one entry, said at least one entry including said first 
decryption key encrypted with a second encryption key 
associated with one of a plurality of clients authorized to 
read and modify said information and having access to a 
second decryption key associated with said second encryption 
key; and 

program code for transmitting to said one of said 
plurality of clients said encrypted information and said at 
least one entry. 
36. A computer data signal, said computer data signal 
including a computer program for use in accessing 
encrypted information stored on a file server, said 
computer program comprising: 

program code for storing on said file server 
information encrypted with a first encryption key having a 
corresponding first decryption key; 

program code for storing on said file server an access 
control list, said access control list including at least 
one entry, each of said at least one entry including said 
first decryption key encrypted with a second encryption key 
associated with one of a plurality of clients authorized to 
read and modify said information and having access to a 
second decryption key associated with said second encryption 
key; and 

program code for transmitting to said one of said 
plurality of clients said encrypted information and said 
at least one entry. 

37. Apparatus for accessing encrypted data stored on a file 
server comprising: 

means for storing on said file server information 
encrypted with a first encryption key having a corresponding 
first decryption key; 

means for storing on said file server an access control 
list, said access control list including at least one entry, 
said at least one entry including said first decryption key 
encrypted with a second encryption key associated with one 
of a plurality of clients authorized to read and modify said 
information and having access to a second decryption key 
associated with said second encryption key; and 

program code for transmitting to said one of said 
plurality of clients said encrypted information and said at 
least one entry. 

ABSTRACT OF THE DISCLOSURE 

A method and apparatus for utilizing a non-secure file 
server for storing and sharing data securely only among 
clients and groups authorized to read and modify the data. 
A first client that desires to store data on the file server 
encrypts the data with a first encryption key having an 
associated first decryption key. The client encrypts the 
first decryption key with a second encryption key having an 
associated second decryption key known to the first client. 
Additionally, the first decryption key is encrypted with 
respective encryption keys of other clients or groups 
intended to have access to the data stored on the file 
server and the clients and groups retain their respective 
decryption keys. All of the encrypted first decryption keys 
are stored within an access control list in association with 
the encrypted data on the non-secure file server. In 
response to an indication that the data should be 
transmitted to one of the clients, the file server returns 
to the client the encrypted data along with at least the 
applicable encrypted first decryption key for the respective 
client. The client is able to decrypt the first decryption 
key and decrypt the data using the unencrypted first 
decryption key. The data may then be modified and securely 
stored on the file server as described above. The first 
decryption key may also be encrypted with a second 
encryption key having a second decryption key known to 
members of a group or a group server. The first encryption 
key encrypted with the group second encryption key is stored 
in the access control list so that group members can obtain 
access to the encrypted data stored on the file server. 
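The storage and retrieval flow described in the abstract and in claims 31 and 35 through 37 (a first key that encrypts the data, wrapped once per authorized client into an access control list kept beside the ciphertext on a server that holds no plaintext key), as an added worked example that is not part of the patent. It models the symmetric variant of claims 28, 29 and 32 so that it runs with only the Python standard library; the keyed-stream cipher used for both the data and the key wrapping is constructed for this illustration (assumption: a deployment would substitute a standard AEAD such as AES-GCM, and would wrap the first key under each reader's public key as in claims 27, 30, 33 and 34). The client names and the file name are constructed sample values.

```python
"""Stdlib-only model of envelope-encrypted storage on a non-secure file server.

Added illustration, not the patent's own code.  Symmetric variant: each
client holds one secret that serves as its second encryption and decryption
key.  The cipher below is constructed for this example only (assumption:
a real system would use a standard AEAD such as AES-GCM).
"""
import hashlib
import hmac
import os

NONCE_LEN, TAG_LEN = 16, 32


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Counter-mode keystream with HMAC-SHA256 as the PRF.
    out, block = bytearray(), 0
    while len(out) < length:
        out += hmac.new(key, nonce + block.to_bytes(4, "big"), hashlib.sha256).digest()
        block += 1
    return bytes(out[:length])


def _subkeys(key: bytes):
    # Independent encryption and MAC subkeys derived from one key.
    return (hashlib.sha256(b"enc|" + key).digest(),
            hashlib.sha256(b"mac|" + key).digest())


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC; returns nonce || ciphertext || tag."""
    enc_key, mac_key = _subkeys(key)
    nonce = os.urandom(NONCE_LEN)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt(key: bytes, blob: bytes) -> bytes:
    """Inverse of encrypt; raises ValueError when key or data do not match."""
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("authentication failed")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


class FileServer:
    """Non-secure server: holds ciphertext plus an access control list of
    wrapped first keys (claims 35 to 37) and never sees a plaintext key."""

    def __init__(self):
        self.files = {}  # name -> (ciphertext, {client_id: wrapped first key})

    def store(self, name, ciphertext, acl):
        self.files[name] = (ciphertext, dict(acl))

    def fetch(self, name, client_id):
        # Claim 31: return the ciphertext and the requesting client's ACL entry.
        ciphertext, acl = self.files[name]
        if client_id not in acl:
            raise PermissionError(f"{client_id} has no ACL entry for {name}")
        return ciphertext, acl[client_id]


class Client:
    def __init__(self, client_id, key=None):
        self.id = client_id
        self.key = key if key is not None else os.urandom(32)  # second key

    def store(self, server, name, data, readers):
        """readers maps client id -> that client's second encryption key."""
        first_key = os.urandom(32)  # fresh first key per stored object
        acl = {self.id: encrypt(self.key, first_key)}
        for cid, second_key in readers.items():
            acl[cid] = encrypt(second_key, first_key)
        server.store(name, encrypt(first_key, data), acl)

    def read(self, server, name):
        ciphertext, wrapped = server.fetch(name, self.id)
        first_key = decrypt(self.key, wrapped)  # unwrap with own second decryption key
        return decrypt(first_key, ciphertext)


def run_scenario():
    """Constructed scenario: Alice stores a file readable by Bob; Bob modifies and
    re-stores it for Alice; Carol, absent from the ACL, is refused; the server,
    holding only ciphertext and wrapped keys, cannot decrypt."""
    server = FileServer()
    alice, bob, carol = Client("alice"), Client("bob"), Client("carol")
    alice.store(server, "plan.txt", b"quarterly plan", readers={bob.id: bob.key})
    bob_view = bob.read(server, "plan.txt")
    bob.store(server, "plan.txt", bob_view + b" (revised)", readers={alice.id: alice.key})
    alice_view = alice.read(server, "plan.txt")
    try:
        carol.read(server, "plan.txt")
        carol_refused = False
    except PermissionError:
        carol_refused = True
    ciphertext, acl = server.files["plan.txt"]
    try:  # the server has no first key; a guessed key fails the MAC check
        decrypt(os.urandom(32), ciphertext)
        server_can_read = True
    except ValueError:
        server_can_read = False
    return {"bob_view": bob_view, "alice_view": alice_view, "acl_ids": sorted(acl),
            "carol_refused": carol_refused, "server_can_read": server_can_read}


if __name__ == "__main__":
    print(run_scenario())
```

Each stored object gets its own first key, so revoking one reader means re-encrypting that object under a new first key and rewriting its ACL, not touching any other object; the server only ever handles ciphertext and wrapped keys, which is the property the abstract relies on when it calls the server non-secure.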